Search Results (1568 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2024-45247 2026-04-15 6.1 Medium
Sonarr – CWE-601: URL Redirection to Untrusted Site ('Open Redirect')
CVE-2025-44109 2026-04-15 5.4 Medium
A URL redirection in Pinokio v3.6.23 allows attackers to redirect victim users to attacker-controlled pages.
CVE-2025-4838 2026-04-15 4.3 Medium
A vulnerability, which was classified as problematic, was found in kanwangzjm Funiture up to 71ca0fb0658b3d839d9e049ac36429207f05329b. Affected is the function doPost of the file /funiture-master/src/main/java/com/app/mvc/acl/servlet/LoginServlet.java of the component Login. The manipulation of the argument ret leads to open redirect. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available.
CVE-2025-50477 2026-04-15 5.4 Medium
A URL redirection in lbry-desktop v0.53.9 allows attackers to redirect victim users to attacker-controlled pages.
CVE-2024-56969 2026-04-15 6.5 Medium
An issue in Pixocial Technology (Singapore) Pte. Ltd BeautyPlus iOS 7.8.010 allows attackers to access sensitive user information via supplying a crafted link.
CVE-2025-67585 1 Wordpress 1 Wordpress 2026-04-15 4.7 Medium
URL Redirection to Untrusted Site ('Open Redirect') vulnerability in flexmls Flexmls® IDX flexmls-idx allows Phishing.This issue affects Flexmls® IDX: from n/a through <= 3.15.7.
CVE-2025-23086 2026-04-15 6.1 Medium
On most desktop platforms, Brave Browser versions 1.70.x-1.73.x included a feature to show a site's origin on the OS-provided file selector dialog when a site prompts the user to upload or download a file. However the origin was not correctly inferred in some cases. When combined with an open redirector vulnerability on a trusted site, this could allow a malicious site to initiate a download whose origin in the file select dialog appears as the trusted site which initiated the redirect.
CVE-2024-4133 2026-04-15 6.1 Medium
The ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup plugin for WordPress is vulnerable to Open Redirect in all versions up to, and including, 4.0.30. This is due to insufficient validation on the redirect url supplied via the redirect_to parameter. This makes it possible for unauthenticated attackers to redirect users to potentially malicious sites if they can successfully trick them into performing an action.
CVE-2024-56963 2026-04-15 6.5 Medium
An issue in Beijing Sogou Technology Development Co., Ltd Sogou Input iOS 12.2.0 allows attackers to access sensitive user information via supplying a crafted link.
CVE-2024-56953 2026-04-15 6.5 Medium
An issue in Baidu (China) Co Ltd Baidu Input Method (iOS version) v12.6.13 allows attackers to access user information via supplying a crafted link.
CVE-2024-56950 2026-04-15 6.5 Medium
An issue in KuGou Technology Co., Ltd KuGou Concept iOS 4.0.61 allows attackers to access sensitive user information via supplying a crafted link.
CVE-2024-53264 2026-04-15 N/A
bunkerweb is an Open-source and next-generation Web Application Firewall (WAF). A open redirect vulnerability exists in the loading endpoint, allowing attackers to redirect authenticated users to arbitrary external URLs via the "next" parameter. The loading endpoint accepts and uses an unvalidated "next" parameter for redirects. Ex. visiting: `/loading?next=https://google.com` while authenticated will cause the page will redirect to google.com. This vulnerability could be used in phishing attacks by redirecting users from a legitimate application URL to malicious sites. This issue has been addressed in version 1.5.11. Users are advised to upgrade. There are no known workarounds for this vulnerability.
CVE-2024-56949 2026-04-15 6.5 Medium
An issue in Guangzhou Polar Future Culture Technology Co., Ltd University Search iOS 2.27.0 allows attackers to access sensitive user information via supplying a crafted link.
CVE-2024-56948 2026-04-15 6.5 Medium
An issue in KuGou Technology CO. LTD KuGou Music iOS v20.0.0 allows attackers to access sensitive user information via supplying a crafted link.
CVE-2024-56947 2026-04-15 6.5 Medium
An issue in Xiamen Meitu Technology Co., Ltd. BeautyCam iOS v12.3.60 allows attackers to access sensitive user information via supplying a crafted link.
CVE-2024-55017 1 Corezoid 1 Corezoid 2026-04-15 7.5 High
Account Takeover in Corezoid 6.6.0 in the OAuth2 implementation via an open redirect in the redirect_uri parameter allows attackers to intercept authorization codes and gain unauthorized access to victim accounts.
CVE-2025-12789 1 Redhat 1 Red Hat Single Sign On 2026-04-15 6.1 Medium
A flaw was found in Red Hat Single Sign-On. This issue is an Open Redirect vulnerability that occurs during the logout process. The redirect_uri parameter associated with the openid-connect logout protocol does not properly validate the provided URL.
CVE-2025-69725 1 Go-chi 1 Chi 2026-04-15 4.7 Medium
An Open Redirect vulnerability in the go-chi/chi >=5.2.2 RedirectSlashes function allows remote attackers to redirect victim users to malicious websites using the legitimate website domain.
CVE-2025-50736 1 Byaidu 1 Pdfmathtranslate 2026-04-15 6.1 Medium
An open redirect vulnerability exists in Byaidu PDFMathTranslate v1.9.9 that allows attackers to craft URLs that cause the application to redirect users to arbitrary external websites via the file parameter to the /gradio_api endpoint. This vulnerability could be exploited for phishing attacks or to bypass security filters.
CVE-2025-58067 1 Basecamp 1 Basecamp 2026-04-15 4.2 Medium
Basecamp's Google Sign-In adds Google sign-in to Rails applications. Prior to version 1.3.1, it is possible to redirect a user to another origin if the "proceed_to" value in the session store is set to a protocol-relative URL. Normally the value of this URL is only written and read by the library or the calling application. However, it may be possible to set this session value from a malicious site with a form submission. Any Rails applications using the google_sign_in gem may be vulnerable, if this vector can be chained with another attack that is able to modify the OAuth2 request parameters. This issue has been patched in version 1.3.1. There are no workarounds.